Tags: java, jetty, jetty-10

Jetty 10 redirect http to https


I am trying to modify Jetty 10.0.15 to handle http to https redirection. I tried searching in their official Operations guide but I can't find anything. For example:

http://localhost:8443/login?lang=en -> https://localhost:8443/login?lang=en

or also have the option to redirect http port 8081 to https port 8443

http://localhost:8081/login?lang=en -> https://localhost:8443/login?lang=en

Is this possible? Do I need to modify the ssl.ini or http.ini files in the start.d folder? In my webapps folder I am also using a context file xml.

Thanks!

PS here are the ini files:

ssl.ini

# --------------------------------------- 
# Module: ssl
# Enables a TLS (SSL) connector to support secure protocols.
# Secure HTTP/1.1 is provided by enabling the "https" module and secure HTTP/2 is provided by enabling the "http2" module.
# --------------------------------------- 
--module=ssl

### TLS (SSL) Connector Configuration

## The host/address to bind the connector to.
# jetty.ssl.host=0.0.0.0

## The port the connector listens on.
jetty.ssl.port=8443

## The connector idle timeout, in milliseconds.
# jetty.ssl.idleTimeout=30000

## The number of acceptors (-1 picks a default value based on number of cores).
# jetty.ssl.acceptors=1

## The number of selectors (-1 picks a default value based on number of cores).
# jetty.ssl.selectors=-1

## The ServerSocketChannel accept queue backlog (0 picks the platform default).
# jetty.ssl.acceptQueueSize=0

## The thread priority delta to give to acceptor threads.
# jetty.ssl.acceptorPriorityDelta=0

## Whether to enable the SO_REUSEADDR socket option.
# jetty.ssl.reuseAddress=true

## Whether to enable the SO_REUSEPORT socket option.
# jetty.ssl.reusePort=false

## Whether to enable the TCP_NODELAY socket option on accepted sockets.
# jetty.ssl.acceptedTcpNoDelay=true

## The SO_RCVBUF socket option to set on accepted sockets.
## A value of -1 indicates that the platform default is used.
# jetty.ssl.acceptedReceiveBufferSize=-1

## The SO_SNDBUF socket option to set on accepted sockets.
## A value of -1 indicates that the platform default is used.
# jetty.ssl.acceptedSendBufferSize=-1

## Whether client SNI data is required for all secure connections.
## When SNI is required, clients that do not send SNI data are rejected with an HTTP 400 response.
# jetty.ssl.sniRequired=false

## Whether client SNI data is checked to match CN and SAN in server certificates.
## When SNI is checked, if the match fails the connection is rejected with an HTTP 400 response.
# jetty.ssl.sniHostCheck=true

## The max age, in seconds, for the Strict-Transport-Security response header.
# jetty.ssl.stsMaxAgeSeconds=31536000

## Whether to include the subdomain property in any Strict-Transport-Security header.
# jetty.ssl.stsIncludeSubdomains=true

### SslContextFactory Configuration
## Note that OBF passwords are not secure, just protected from casual observation.

## Whether client SNI data is required for all secure connections.
## When SNI is required, clients that do not send SNI data are rejected with a TLS handshake error.
# jetty.sslContext.sniRequired=false

## The Endpoint Identification Algorithm.
## Same as javax.net.ssl.SSLParameters#setEndpointIdentificationAlgorithm(String).
# jetty.sslContext.endpointIdentificationAlgorithm=

## The JSSE Provider.
# jetty.sslContext.provider=

## The KeyStore file path (relative to $JETTY_BASE).
# jetty.sslContext.keyStorePath=etc/keystore.p12
## The KeyStore absolute file path.
# jetty.sslContext.keyStoreAbsolutePath=${jetty.base}/etc/keystore.p12

## The TrustStore file path (relative to $JETTY_BASE).
# jetty.sslContext.trustStorePath=etc/keystore.p12
## The TrustStore absolute file path.
# jetty.sslContext.trustStoreAbsolutePath=${jetty.base}/etc/keystore.p12

## The KeyStore password.
# jetty.sslContext.keyStorePassword=

## The Keystore type.
# jetty.sslContext.keyStoreType=PKCS12

## The KeyStore provider.
# jetty.sslContext.keyStoreProvider=

## The KeyManager password.
# jetty.sslContext.keyManagerPassword=

## The TrustStore password.
# jetty.sslContext.trustStorePassword=

## The TrustStore type.
# jetty.sslContext.trustStoreType=PKCS12

## The TrustStore provider.
# jetty.sslContext.trustStoreProvider=

## Whether client certificate authentication is required.
# jetty.sslContext.needClientAuth=false

## Whether client certificate authentication is desired, but not required.
# jetty.sslContext.wantClientAuth=false

## Whether cipher order is significant.
# jetty.sslContext.useCipherSuitesOrder=true

## The SSLSession cache size.
# jetty.sslContext.sslSessionCacheSize=-1

## The SSLSession cache timeout (in seconds).
# jetty.sslContext.sslSessionTimeout=-1

## Whether TLS renegotiation is allowed.
# jetty.sslContext.renegotiationAllowed=true

## The max number of TLS renegotiations per connection.
# jetty.sslContext.renegotiationLimit=5

server.ini

# --------------------------------------- 
# Module: server
# Enables and configures the Jetty server.
# This module does not enable any network protocol support.
# To enable a specific network protocol such as HTTP/1.1, you must enable the correspondent Jetty module.
# --------------------------------------- 
--module=server

### Common HTTP configuration
## Scheme to use to build URIs for secure redirects
#jetty.httpConfig.secureScheme=https

## Port to use to build URIs for secure redirects
jetty.httpConfig.securePort=8443

## Response content buffer size (in bytes)
# jetty.httpConfig.outputBufferSize=32768

## Max response content write length that is buffered (in bytes)
# jetty.httpConfig.outputAggregationSize=8192

## Max request headers size (in bytes)
# jetty.httpConfig.requestHeaderSize=8192

## Max response headers size (in bytes)
# jetty.httpConfig.responseHeaderSize=8192

## Whether to send the Server: header
# jetty.httpConfig.sendServerVersion=true

## Whether to send the Date: header
# jetty.httpConfig.sendDateHeader=false

## Max per-connection header cache size (in nodes)
# jetty.httpConfig.headerCacheSize=1024

## Whether, for requests with content, delay dispatch until some content has arrived
# jetty.httpConfig.delayDispatchUntilContent=true

## Maximum number of error dispatches to prevent looping
# jetty.httpConfig.maxErrorDispatches=10

## Relative Redirect Locations allowed
# jetty.httpConfig.relativeRedirectAllowed=false

## Whether to use direct ByteBuffers for reading or writing
# jetty.httpConfig.useInputDirectByteBuffers=true
# jetty.httpConfig.useOutputDirectByteBuffers=true

## HTTP Compliance: RFC7230, RFC7230_LEGACY, RFC2616, RFC2616_LEGACY, LEGACY
# jetty.httpConfig.compliance=RFC7230

## URI Compliance: DEFAULT, LEGACY, RFC3986, RFC3986_UNAMBIGUOUS, UNSAFE
# jetty.httpConfig.uriCompliance=DEFAULT

## Cookie compliance mode for parsing request Cookie headers: RFC6265_STRICT, RFC6265, RFC6265_LEGACY, RFC2965, RFC2965_LEGACY
# jetty.httpConfig.requestCookieCompliance=RFC6265

## Cookie compliance mode for generating response Set-Cookie: RFC2965, RFC6265
# jetty.httpConfig.responseCookieCompliance=RFC6265

## multipart/form-data compliance mode of: LEGACY(slow), RFC7578(fast)
# jetty.httpConfig.multiPartFormDataCompliance=RFC7578

### Server configuration
## Whether ctrl+c on the console gracefully stops the Jetty server
# jetty.server.stopAtShutdown=true

## Timeout in ms to apply when stopping the server gracefully
# jetty.server.stopTimeout=5000

## Dump the state of the Jetty server, components, and webapps after startup
# jetty.server.dumpAfterStart=false

## Dump the state of the Jetty server, components, and webapps before shutdown
# jetty.server.dumpBeforeStop=false

### Server Scheduler Configuration
## The scheduler thread name, defaults to "Scheduler-{hashCode()}" if blank.
# jetty.scheduler.name=

## Whether the server scheduler threads are daemon.
# jetty.scheduler.daemon=false

## The number of server scheduler threads.
# jetty.scheduler.threads=1

http.ini

# --------------------------------------- 
# Module: http
# Enables a clear-text HTTP connector.
# By default clear-text HTTP/1.1 is enabled, and clear-text HTTP/2 may be added by enabling the "http2c" module.
# --------------------------------------- 
--module=http

### Clear-Text HTTP Connector Configuration

## The host/address to bind the connector to.
# jetty.http.host=0.0.0.0

## The port the connector listens on.
jetty.http.port=8081

## The connector idle timeout, in milliseconds.
# jetty.http.idleTimeout=30000

## The number of acceptors (-1 picks a default value based on number of cores).
# jetty.http.acceptors=1

## The number of selectors (-1 picks a default value based on number of cores).
# jetty.http.selectors=-1

## The ServerSocketChannel accept queue backlog (0 picks the platform default).
# jetty.http.acceptQueueSize=0

## The thread priority delta to give to acceptor threads.
# jetty.http.acceptorPriorityDelta=0

## Whether to enable the SO_REUSEADDR socket option.
# jetty.http.reuseAddress=true

## Whether to enable the SO_REUSEPORT socket option.
# jetty.http.reusePort=false

## Whether to enable the TCP_NODELAY socket option on accepted sockets.
# jetty.http.acceptedTcpNoDelay=true

## The SO_RCVBUF socket option to set on accepted sockets.
## A value of -1 indicates that the platform default is used.
# jetty.http.acceptedReceiveBufferSize=-1

## The SO_SNDBUF socket option to set on accepted sockets.
## A value of -1 indicates that the platform default is used.
# jetty.http.acceptedSendBufferSize=-1

https.ini

# --------------------------------------- 
# Module: https
# Adds HTTPS protocol support to the TLS(SSL) Connector.
# --------------------------------------- 
--module=https

list-config

Enabled Modules:
----------------
  0) bytebufferpool            transitive provider of bytebufferpool for server
                               ini template available with --add-module=bytebufferpool
  1) resources                 transitive provider of resources for logging-jetty
  2) logging/slf4j             transitive provider of logging/slf4j for logging-jetty
                               dynamic dependency of logging-jetty
  3) logging-jetty             transitive provider of logging for threadpool
                               transitive provider of logging for server
                               transitive provider of logging for console-capture
  4) threadpool                transitive provider of threadpool for server
                               ini template available with --add-module=threadpool
  5) server                    ${jetty.base}\start.d\server.ini
  6) jndi                      transitive provider of jndi for plus
  7) security                  transitive provider of security for webapp
                               transitive provider of security for plus
  8) servlet                   transitive provider of servlet for webapp
                               transitive provider of servlet for jsp
  9) webapp                    transitive provider of webapp for plus
                               transitive provider of webapp for deploy
                               ini template available with --add-module=webapp
 10) plus                      transitive provider of plus for annotations
 11) annotations               ${jetty.base}\start.d\annotations.ini
 12) apache-jsp                transitive provider of apache-jsp for jsp
 13) apache-jstl               transitive provider of apache-jstl for jstl
 14) console-capture           ${jetty.base}\start.d\console-capture.ini
 15) deploy                    ${jetty.base}\start.d\deploy.ini
 16) ssl                       ${jetty.base}\start.d\ssl.ini
 17) https                     ${jetty.base}\start.d\https.ini
 18) jsp                       ${jetty.base}\start.d\jsp.ini
 19) jstl                      ${jetty.base}\start.d\jstl.ini
 20) secure-redirect           ${jetty.base}\start.d\secure-redirect.ini
 21) test-keystore             ${jetty.base}\start.d\test-keystore.ini

Java Environment:
-----------------
 java.home = C:\Program Files\Eclipse Adoptium\jdk-17.0.7+7
 java.vm.vendor = Eclipse Adoptium
 java.vm.version = 17.0.7+7
 java.vm.name = OpenJDK 64-Bit Server VM
 java.vm.info = mixed mode, sharing
 java.runtime.name = OpenJDK Runtime Environment
 java.runtime.version = 17.0.7+7
 java.io.tmpdir = C:\Users\Bojan\AppData\Local\Temp\
 user.dir = C:\qaelum\services\Webserver
 user.language = en
 user.country = US

Jetty Environment:
------------------
 jetty.version = 10.0.15
 jetty.tag.version = jetty-10.0.15
 jetty.build = 68017dbd00236bb7e187330d7585a059610f661d
 jetty.home = C:\qaelum\frameworks\jetty10
 jetty.base = C:\qaelum\services\Webserver

Config Search Order:
--------------------
 <command-line>
 ${jetty.base} -> C:\qaelum\services\Webserver
 ${jetty.home} -> C:\qaelum\frameworks\jetty10

System Properties:
------------------
 (no system properties specified)

Properties:
-----------
 bouncycastle.version = 1.70
 java.version = 17.0.7
 java.version.major = 17
 java.version.micro = 7
 java.version.minor = 0
 java.version.platform = 17
 jetty.base = C:\qaelum\services\Webserver
 jetty.base.uri = file:///C:/qaelum/services/Webserver
 jetty.console-capture.dir = C:\qaelum\services\Webserver\logs
 jetty.home = C:\qaelum\frameworks\jetty10
 jetty.home.uri = file:///C:/qaelum/frameworks/jetty10
 jetty.httpConfig.securePort = 8443
 jetty.ssl.port = 8443
 jetty.sslContext.keyStorePassword = OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
 jetty.sslContext.keyStorePath = etc/test-keystore.p12
 jetty.sslContext.keyStoreType = PKCS12
 jetty.webapp.addServerClasses = org.eclipse.jetty.logging.,${jetty.home.uri}/lib/logging/,org.slf4j.,${jetty.base.uri}/lib/bouncycastle/
 runtime.feature.alpn = true
 slf4j.version = 2.0.5

Jetty Server Classpath:
-----------------------
Version Information on 32 entries in the classpath.
Note: order presented here is how they would appear on the classpath.
      changes to the --module=name command line options will be reflected here.
 0:                    (dir) | ${jetty.base}\resources
 1:                    2.0.5 | ${jetty.home}\lib\logging\slf4j-api-2.0.5.jar
 2:                  10.0.15 | ${jetty.home}\lib\logging\jetty-slf4j-impl-10.0.15.jar
 3:                    4.0.6 | ${jetty.home}\lib\jetty-servlet-api-4.0.6.jar
 4:                  10.0.15 | ${jetty.home}\lib\jetty-http-10.0.15.jar
 5:                  10.0.15 | ${jetty.home}\lib\jetty-server-10.0.15.jar
 6:                  10.0.15 | ${jetty.home}\lib\jetty-xml-10.0.15.jar
 7:                  10.0.15 | ${jetty.home}\lib\jetty-util-10.0.15.jar
 8:                  10.0.15 | ${jetty.home}\lib\jetty-io-10.0.15.jar
 9:                  10.0.15 | ${jetty.home}\lib\jetty-jndi-10.0.15.jar
10:                  10.0.15 | ${jetty.home}\lib\jetty-security-10.0.15.jar
11:                  10.0.15 | ${jetty.home}\lib\jetty-servlet-10.0.15.jar
12:                  10.0.15 | ${jetty.home}\lib\jetty-webapp-10.0.15.jar
13:                  10.0.15 | ${jetty.home}\lib\jetty-plus-10.0.15.jar
14:                    1.3.3 | ${jetty.home}\lib\jakarta.transaction-api-1.3.3.jar
15:                  10.0.15 | ${jetty.home}\lib\jetty-annotations-10.0.15.jar
16:                      9.5 | ${jetty.home}\lib\annotations\asm-9.5.jar
17:                      9.5 | ${jetty.home}\lib\annotations\asm-analysis-9.5.jar
18:                      9.5 | ${jetty.home}\lib\annotations\asm-commons-9.5.jar
19:                      9.5 | ${jetty.home}\lib\annotations\asm-tree-9.5.jar
20:                    1.3.5 | ${jetty.home}\lib\annotations\jakarta.annotation-api-1.3.5.jar
21:    3.26.0.v20210609-0549 | ${jetty.home}\lib\apache-jsp\org.eclipse.jdt.ecj-3.26.0.jar
22:                  10.0.15 | ${jetty.home}\lib\apache-jsp\org.eclipse.jetty.apache-jsp-10.0.15.jar
23:                   9.0.52 | ${jetty.home}\lib\apache-jsp\org.mortbay.jasper.apache-el-9.0.52.jar
24:                   9.0.52 | ${jetty.home}\lib\apache-jsp\org.mortbay.jasper.apache-jsp-9.0.52.jar
25:                    1.2.5 | ${jetty.home}\lib\apache-jstl\org.apache.taglibs.taglibs-standard-impl-1.2.5.jar
26:                    1.2.5 | ${jetty.home}\lib\apache-jstl\org.apache.taglibs.taglibs-standard-spec-1.2.5.jar
27:                  10.0.15 | ${jetty.home}\lib\jetty-deploy-10.0.15.jar
28:                  10.0.15 | ${jetty.home}\lib\jetty-keystore-10.0.15.jar
29:                1.70.00.0 | ${jetty.base}\lib\bouncycastle\bcpkix-jdk15on-1.70.jar
30:                   1.70.0 | ${jetty.base}\lib\bouncycastle\bcprov-jdk15on-1.70.jar
31:                1.70.00.0 | ${jetty.base}\lib\bouncycastle\bcutil-jdk15on-1.70.jar

Jetty Active XMLs:
------------------
 ${jetty.home}\etc\jetty-bytebufferpool.xml
 ${jetty.home}\etc\jetty-threadpool.xml
 ${jetty.home}\etc\jetty.xml
 ${jetty.home}\etc\jetty-webapp.xml
 ${jetty.home}\etc\console-capture.xml
 ${jetty.home}\etc\jetty-deploy.xml
 ${jetty.home}\etc\jetty-ssl.xml
 ${jetty.home}\etc\jetty-ssl-context.xml
 ${jetty.home}\etc\jetty-https.xml
 ${jetty.home}\etc\jetty-secure-redirect.xml
 ${jetty.home}\etc\jetty-test-keystore.xml

I am also using the test-keystore.ini


Solution

  • Enable the secure-redirect module.

    $ cd /path/to/my-jetty-base
    $ java -jar /opt/jetty-home-10.0.15/start.jar --add-module=secure-redirect
    

    This will add the org.eclipse.jetty.server.handler.SecuredRedirectHandler to your Server.

    That will use the information present in the HttpConfiguration regarding what ports you consider plain text vs. secure to know how to redirect properly (be it 80 to 443, or 8080 to 8443, or even arbitrary ports like 20080 to 20443).
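To make the mechanism behind the secure-redirect module visible, here is an added embedded-Jetty 10 example (not code from the question, the answer, or the Jetty project) that wires up the same three pieces a jetty-base gets from server.ini, http.ini, ssl.ini/https.ini and jetty-secure-redirect.xml: an HttpConfiguration with securePort 8443, a clear-text connector on 8081, a TLS connector on 8443, and a SecuredRedirectHandler wrapping the application. The keystore path and password are placeholders, and the tiny AbstractHandler stands in for the deployed webapp.

```java
import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.server.handler.AbstractHandler;
import org.eclipse.jetty.server.handler.SecuredRedirectHandler;
import org.eclipse.jetty.util.ssl.SslContextFactory;

/**
 * Embedded-Jetty 10 equivalent of the jetty-base in the question:
 * clear-text HTTP on 8081, TLS on 8443, and SecuredRedirectHandler
 * (what the secure-redirect module installs) sending every clear-text
 * request to the secure port. Added example, not code from the page.
 */
public class SecureRedirectExample
{
    public static Server buildServer(int httpPort, int httpsPort,
                                     String keyStorePath, String keyStorePassword)
    {
        Server server = new Server();

        // server.ini equivalent: jetty.httpConfig.secureScheme / securePort.
        // SecuredRedirectHandler reads exactly these two values to build the Location URL.
        HttpConfiguration httpConfig = new HttpConfiguration();
        httpConfig.setSecureScheme("https");
        httpConfig.setSecurePort(httpsPort);

        // http.ini equivalent: the clear-text connector (jetty.http.port=8081).
        ServerConnector http = new ServerConnector(server, new HttpConnectionFactory(httpConfig));
        http.setPort(httpPort);
        server.addConnector(http);

        // ssl.ini + https.ini equivalent: the TLS connector (jetty.ssl.port=8443).
        SslContextFactory.Server ssl = new SslContextFactory.Server();
        ssl.setKeyStorePath(keyStorePath);         // assumed path (placeholder)
        ssl.setKeyStorePassword(keyStorePassword); // placeholder; keep real secrets out of source
        HttpConfiguration httpsConfig = new HttpConfiguration(httpConfig);
        // SecureRequestCustomizer is what makes Request.isSecure() true on this connector.
        // Without it SecuredRedirectHandler would redirect HTTPS requests too and the
        // browser would loop; in a jetty-base the ssl module's jetty-ssl.xml adds it.
        httpsConfig.addCustomizer(new SecureRequestCustomizer());
        ServerConnector https = new ServerConnector(server,
            new SslConnectionFactory(ssl, HttpVersion.HTTP_1_1.asString()),
            new HttpConnectionFactory(httpsConfig));
        https.setPort(httpsPort);
        server.addConnector(https);

        // jetty-secure-redirect.xml equivalent: wrap the application handler so a
        // clear-text request never reaches it. A request whose isSecure() is false gets
        // a redirect to secureScheme://<Host header name>:securePort<path>?<query>;
        // a secure request falls through to the wrapped handler unchanged.
        SecuredRedirectHandler redirect = new SecuredRedirectHandler();
        redirect.setHandler(new AbstractHandler()
        {
            @Override
            public void handle(String target, Request baseRequest,
                               HttpServletRequest request, HttpServletResponse response)
                throws IOException, ServletException
            {
                // Stand-in for the deployed webapp; only ever sees secure requests.
                response.setContentType("text/plain");
                response.getWriter().println("secure: " + request.isSecure());
                baseRequest.setHandled(true);
            }
        });
        server.setHandler(redirect);
        return server;
    }

    public static void main(String[] args) throws Exception
    {
        // Ports match the question; keystore values are placeholders.
        Server server = buildServer(8081, 8443, "etc/keystore.p12", "changeit");
        server.start();
        server.join();
    }
}
```

With this running, `curl -i "http://localhost:8081/login?lang=en"` returns a 302 whose `Location` is `https://localhost:8443/login?lang=en`: the host name is copied from the request's Host header, so only the scheme and port change, which is precisely the 8081 to 8443 case in the question. Two things worth checking in a jetty-base that does not behave this way: `jetty.httpConfig.securePort` must be non-zero (with securePort unset the handler answers 403 instead of redirecting), and the redirect applies only to requests that arrive on the clear-text connector.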